International Internet Ad Fraud Operation Busted

CYBERSPACE—The Federal Bureau of Investigation announced yesterday the dismantling of an international criminal operation and arrest of six Estonian nationals charged with infecting millions of computers globally in a scheme to manipulate the multi-billion dollar online advertising industry.

The law enforcement operation, dubbed Operation Ghost Click, was revealed Tuesday in New York when the criminal indictment was unsealed. "Working primarily from Estonia and Russia, the defendants effectively hijacked 4 million computers in a hundred countries—including half a million computers in the United States," said Janice Fedarcyk, Manhattan Assistant U.S. Attorney. "Those half-million U.S. computers include those used by individuals, as well as computers housed in businesses and government entities such as NASA."

In an accompanying article describing the manner in which the large-scale cyber crimes were committed, the FBI reported, "Beginning in 2007, the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA. The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users’ anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software.

"DNSChanger was used to redirect unsuspecting users to rogue servers controlled by the cyber thieves, allowing them to manipulate users’ web activity," the article continues. "When users of infected computers clicked on the link for the official website of iTunes, for example, they were instead taken to a website for a business unaffiliated with Apple Inc. that purported to sell Apple software. Not only did the cyber thieves make money from these schemes, they deprived legitimate website operators and advertisers of substantial revenue."

Operation Ghost Click was undertaken with international cooperation, including with Estonian law enforcement, which yesterday took the six alleged cyber criminals into custody along with computers and rogue DNS servers used in the commission of the alleged crimes.

The men arrested, according to an FBI press release, are Vladimir Tsastsin, 31, Timur Gerassimenko, 31, Dmitri Jegorov, 33, Valeri Aleksejev, 31, Konstantin Poltev, 28 and Anton Ivanov, 26. A seventh defendant, Russian national Andrey Taame, 31, is still at large. The U.S. Attorney’s Office will seek to have all of the defendants extradited to the United States for prosecution.